Handles challenge based authentication for Container Registry Service.
The challenge-based authorization flow for ACR is illustrated in the following steps.
For example, GET /api/v1/acr/repositories translates into the following calls.
Step 1: GET /api/v1/acr/repositories
ReturnHeader: 401: www-authenticate header - Bearer realm="{url}",service="{serviceName}",scope="{scope}",error="invalid_token"
Step 2: Retrieve the serviceName, scope from the WWW-Authenticate header. (Parse the string.)
Step 3: POST /api/oauth2/exchange
Request Body : { service, scope, grant-type, aadToken with ARM scope }
Response Body: { acrRefreshToken }
Step 4: POST /api/oauth2/token
Request Body: { acrRefreshToken, scope, grant-type }
Response Body: { acrAccessToken }
Step 5: GET /api/v1/acr/repositories
Request Header: { Bearer acrTokenAccess }
Handles challenge based authentication for Container Registry Service.
The challenge-based authorization flow for ACR is illustrated in the following steps. For example, GET /api/v1/acr/repositories translates into the following calls. Step 1: GET /api/v1/acr/repositories Return Header: 401: www-authenticate header - Bearer realm="{url}",service="{serviceName}",scope="{scope}",error="invalid_token" Step 2: Retrieve the serviceName, scope from the WWW-Authenticate header. (Parse the string.) Step 3: POST /api/oauth2/exchange Request Body : { service, scope, grant-type, aadToken with ARM scope } Response Body: { acrRefreshToken } Step 4: POST /api/oauth2/token Request Body: { acrRefreshToken, scope, grant-type } Response Body: { acrAccessToken } Step 5: GET /api/v1/acr/repositories Request Header: { Bearer acrTokenAccess }